why cannot ping the nat ip address belongs to ACE interface vlan

Answered Question
Feb 23rd, 2010
User Badges:

we did not received response from NAT ip address configured on interface vlan in one context, however, in another context with similar configuration the ping is sucessfully received. the only difference we have observed is that in the context without ping response, the IP address appears in the ARP table as "VSERVER" type, meanwhile, in the context with correct behavior of the ping, the IP address appears as "NAT" type


ATH_LB_01/Produccion# ping 10.129.3.44

Pinging 10.129.3.44 with timeout = 2, count = 5, size = 100 ....

Response from 10.129.3.44 :  seq 1 time 2.043 ms
Response from 10.129.3.44 :  seq 2 time 0.000 ms
Response from 10.129.3.44 :  seq 3 time 0.608 ms
Response from 10.129.3.44 :  seq 4 time 1.607 ms
Response from 10.129.3.44 :  seq 5 time 0.000 ms
5 packet sent, 5 responses received, 0% packet loss


ATH_LB_01/Desarrollo# sh arp


Context Desarrollo
================================================================================
IP ADDRESS      MAC-ADDRESS        Interface  Type      Encap  NextArp(s) Status
================================================================================
10.129.3.40     00.00.a8.82.82.c8  vlan933   LEARNED    25     2299 sec     up
10.129.3.41     00.24.81.7f.5f.50  vlan933   LEARNED    26     2298 sec     up
10.129.3.42     00.24.81.7f.66.7c  vlan933   LEARNED    27     2298 sec     up
10.129.3.43     00.24.81.7f.5f.50  vlan933   GATEWAY    21     262 sec      up
10.129.3.44     00.0b.fc.fe.1b.02  vlan933   NAT        LOCAL     _         up
10.129.3.45     00.1b.24.93.d4.bb  vlan933   INTERFACE  LOCAL     _         up
10.129.3.46     00.0b.fc.fe.1b.02  vlan933   ALIAS      LOCAL     _         up
10.129.3.17     00.1b.24.93.d4.bb  vlan932   INTERFACE  LOCAL     _         up
10.129.3.19     00.0b.fc.fe.1b.02  vlan932   ALIAS      LOCAL     _         up
10.129.3.24     00.50.56.a2.7b.16  vlan932   LEARNED    28     2298 sec     up
10.129.3.25     00.0c.29.b7.b7.37  vlan932   RSERVER    110    211 sec      up
10.129.3.26     00.0c.29.15.8b.6e  vlan932   LEARNED    29     2298 sec     up
10.129.3.27     00.0c.29.bb.5e.64  vlan932   LEARNED    30     2298 sec     up
10.129.3.28     00.50.56.9d.23.74  vlan932   RSERVER    108    296 sec      up
10.129.3.29     00.50.56.a2.74.46  vlan932   LEARNED    31     2298 sec     up
================================================================================
Total arp entries 15

ATH_LB_01/Desarrollo#


ATH_LB_01/Desarrollo#


ATH_LB_01/Desarrollo# ping 10.129.3.132

Pinging 10.129.3.132 with timeout = 2, count = 5, size = 100 ....

No response received from 10.129.3.132 within last 2 sec
No response received from 10.129.3.132 within last 2 sec
No response received from 10.129.3.132 within last 2 sec
No response received from 10.129.3.132 within last 2 sec
No response received from 10.129.3.132 within last 2 sec
5 packet sent, 0 responses received, 100% packet loss


ATH_LB_01/Produccion# sh arp


Context Produccion
================================================================================
IP ADDRESS      MAC-ADDRESS        Interface  Type      Encap  NextArp(s) Status
================================================================================
10.129.3.97     00.16.97.1e.58.ae  vlan930   RSERVER    71     51 sec       up
10.129.3.98     00.23.7d.cf.e9.0e  vlan930   LEARNED    85     3293 sec     up
10.129.3.99     00.23.7d.cf.ea.62  vlan930   LEARNED    88     3293 sec     up
10.129.3.100    00.16.97.1e.57.6a  vlan930   RSERVER    103    295 sec      up
10.129.3.101    00.23.7d.cf.ea.50  vlan930   LEARNED    105    11783 sec    up
10.129.3.102    00.23.7d.cf.e9.be  vlan930   LEARNED    104    11483 sec    up
10.129.3.103    00.1b.24.93.d4.bb  vlan930   INTERFACE  LOCAL     _         up
10.129.3.106    00.0b.fc.fe.1b.04  vlan930   ALIAS      LOCAL     _         up
10.129.3.129    00.24.81.7f.5f.51  vlan931   LEARNED    90     3293 sec     up
10.129.3.131    00.24.81.7f.5f.51  vlan931   GATEWAY    58     52 sec       up
10.129.3.132    00.0b.fc.fe.1b.04  vlan931   VSERVER    LOCAL     _         up
10.129.3.133    00.1b.24.93.d4.bb  vlan931   INTERFACE  LOCAL     _         up
10.129.3.135    00.0b.fc.fe.1b.04  vlan931   ALIAS      LOCAL     _         up
10.192.3.1      00.00.a8.83.84.2e  vlan937   LEARNED    92     3294 sec     up
10.192.3.2      00.0b.fc.fe.1b.04  vlan937   ALIAS      LOCAL     _         up
10.192.3.3      00.1b.24.93.d4.bb  vlan937   INTERFACE  LOCAL     _         up
10.192.3.5      00.0b.fc.fe.1b.04  vlan937   NAT        LOCAL     _         up
10.192.3.7      00.24.97.18.c0.bf  vlan937   LEARNED    111    11622 sec    up
================================================================================
Total arp entries 18

ATH_LB_01/Produccion#


ATH_LB_01/Produccion#

Correct Answer by Sean Merrow about 7 years 4 months ago

Hello,


Just wanted to add that if you first configure an IP address in a nat-pool, it will be entered into the ARP table as a type NAT.  Then if you use that same address in a class-map as a VIP, it will stay as the type NAT.  Also, if you first configre the address as a VIP, it will be entered as type VSERVER, but if you later add the same address to a nat-pool, it will continue be shown as type VSERVER.  So it appears the order in which you use the address in your config directly affects the way it is displayed in the ARP cache.


Sean

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Gilles Dufour Tue, 02/23/2010 - 08:29
User Badges:
  • Cisco Employee,

We do not respond to ping sent to natpool ip address.

But we do respond to ping sent to vserver ip address.

It is possibe to use a vserver ip address as a nat pool ip address.

In this case we will respond to the ping sent to this ip address.


So, in the case it does not work it is because there is no vserver using that nat pool ip address.


Gilles.

Jeimy Galindo Tue, 02/23/2010 - 14:20
User Badges:

what is wrong with this configurations? why one ARP table shows the NAT ip address as VSERVER and the other as NAT? why the IP classified as VSERVER don`t answer the ping?



thanks in advance for your answer,

Gilles Dufour Wed, 02/24/2010 - 07:31
User Badges:
  • Cisco Employee,

ok, I now see the ip in your config.

Could you get a 'show ver' + 'sho cfgmgr internable icmp-vip'.


Make sure you run the latest version, there were a lot of fixes in the icmp code.


Thanks.


Gilles.

Correct Answer
Sean Merrow Wed, 02/24/2010 - 10:31
User Badges:
  • Silver, 250 points or more

Hello,


Just wanted to add that if you first configure an IP address in a nat-pool, it will be entered into the ARP table as a type NAT.  Then if you use that same address in a class-map as a VIP, it will stay as the type NAT.  Also, if you first configre the address as a VIP, it will be entered as type VSERVER, but if you later add the same address to a nat-pool, it will continue be shown as type VSERVER.  So it appears the order in which you use the address in your config directly affects the way it is displayed in the ARP cache.


Sean

Jeimy Galindo Thu, 03/11/2010 - 08:05
User Badges:

thanks sean, you are right, the order which we configure the address affect the arp table!

Actions

This Discussion